Forensic Summary
Two independent research teams demonstrated that OpenClaw, a self-hosted AI agent, is vulnerable to prompt injection attacks delivered through shared contacts, vCards, location pins, and plain emails — enabling attacker-controlled code execution and sensitive data exfiltration. Imperva's finding, now patched in version 2026.4.23, exploited the agent's failure to mark message objects as untrusted before passing them to the underlying LLM. Varonis separately showed that a single crafted email could instruct an agent to forward mock AWS credentials and customer data to an external address, a behaviour-level risk no patch can fully remediate.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/prompt-injection-via-vcards-and-email-enables-rce-and-data-exfiltration-in-agent/
Top comments (0)